Hello!
I’m Josh, check out my blog posts below or my GitHub, where I host many of my projects.
Nov 23, 2021
HTBxUNI Qualifiers 2021 - Slippy —
Slippy is a web CTF challenge exploiting a Zip Slip vulnerability.
Nov 23, 2021
HTBxUNI Qualifiers 2021 - SteamCloud —
SteamCloud is a cloud CTF challenge with an exposed Kubernetes deployment.
Nov 23, 2021
HTBxUNI Qualifiers 2021 - SteamCoin —
SteamCoin is a web CTF challenge that consists of JWT forgery, XSS in SVGs and CSRF through HTTP smuggling.
Nov 23, 2021
HTBxUNI Qualifiers 2021 - Tree of Danger —
Tree of Danger is a PyJail challenge where the AST of your input is validated in an attempt to prevent RCE.
Oct 26, 2021
Intake CTF - PYJAAAAAAAAAAAAAAAAIL —
A miscellaneous PyJail CTF challenge, requiring the user to get a shell using no ASCII letters.
Oct 26, 2021
What I learnt from running my own CTF —
WMG Cyber Society hosted an internal CTF for our members, where I managed the backend, frontend and challenge infrastructure.
Sep 7, 2021
ALLES! CTF - (J)ust (S)erving (P)ages —
A web CTF challenge involving JSP and an insecure reuse of Java's MessageDigest object.
Aug 16, 2021
raCTF - Emojibook 1 & 2 —
A web CTF challenge involving Django, utilising LFI to get RCE via Django cookies.
Mar 1, 2021
pwnEd CTF - Cheesecake Complaints —
A web CTF challenge involving exploitation of JSONP payloads on Google endpoints with lax content security policies.